Maturing Past Maturity-Based To Risk-Based
I recently stumbled upon a McKinsey article from October 2019 that more elegantly, in McKinsey speak, made the argument against “cyber hygiene” than I do. Over the past three years I’ve seen many asset owners go through the same process: Board or...
ICS Security Company Valuation and Value Investing
Frank, non-flattering admission … I am terrible at determining how much an ICS security company is worth, it’s valuation. While I believe that I can analyze the market, identify the product and service trends, evaluate company strategies, and identify the...Women In ICS Security
Kelly Jackson Higgins of Dark Reading joins Dale Peterson to co-host this episode of the Unsolicited Response Show. The topic is Women In ICS Security, and all the guests are Women In ICS Security: – Kristin Demoranville – MJ Emanuel – Najo Ifield...
My Recollection of the F**g Salmon Dinner
Chapter 2 of Nicole Perlroth’s book This Is How They Tell Me The World Ends is all about S4x13 and particularly about a dinner I hosted that she called The F**king Salmon dinner. We were all in Miami to attend the same bizarre conference – an annual...
Consequence and INL’s CCE
The long awaited detail of INL’s Consequence-driven, Cyber-informed Engineering (CCE) methodology is now available in the Andy Bochman / Sarah Freemen book Countering Cyber Sabotage. I had the opportunity to interview the authors for an hour in this week’s...
An Operator Turing Test
Proposal: A small group in the ICS world develop a test to determine if a “machine” can be trained from only historian data to perform as good (indistinguishable) or better than a representative Operator. In 1950 Alan Turing wrote an article on what...
Podcast: Pwn2Own Miami
Almost 300K Awarded For ICS 0day Exploits The ZDI team brought Pwn2Own to ICS with Pwn2Own Miami at S4x20. They awarded almost $300K to researchers who were able to find and exploit 0day vulnerabilities in important ICS applications. Applications such as HMI and EWS...